MAGIC PRICES Privacy Policy
Last updated: 16/04/2024
This policy aims to provide the necessary information to understand how we process data to fulfil our mission and
offer you the best services.
To provide the best price and product comparison service, we need to process personal data.
This policy details the information we collect from our users. The European regulation on personal data protection
defines personal data as any information relating to an identified or identifiable natural person, directly or
indirectly, through an identification number or one or more specific elements.
The implementation of automated personal data processing is governed by Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016, which came into effect on 25 May 2018, known as the "GDPR".
1. Scope of Application
This policy applies to any natural person interacting with MAGIC PRICES as a customer or user of the site.
2. Identity and Contact Details of the Data Controller
MAGIC PRICES, SAS with a capital of €200,000
RCS Nantes: number 925 068 736
Address: Immeuble BAYA, 1 Rue Du Guesclin, 44000 Nantes, France
Represented by Mr Valéry LORRIC, in his capacity as President.
Phone number: +33 2 30 88 43 23
3. Data Protection Officer Contact
MAGIC PRICES has appointed a Data Protection Officer, whose contact details are:
Hamynä SAS
Email: [email protected]
4. Data Collected
MAGIC PRICES collects and processes only the personal data strictly necessary for its mission.
This may include:
- User identity and contact details (name, email, phone number)
- Your message via the contact form
- Account information: Username and password
- Profile information: Address and shopping preferences
- Browser type and version, IP address
- Date and time of access
- Web analytics data and pseudonymised usage profiles (Cookie ID, Pub ID, etc.)
- Websites that referred the user to our site
Magic Prices uses this data for the following purposes:
- To provide and improve our services
- To offer customer support
- To send you marketing communications and special offers if you opt in
5. Processing Purposes
MAGIC PRICES ensures that the processing of data is based on the legal grounds provided by Article 6 of the GDPR:
- The person's consent
- Legitimate interest
- Legal obligation
Website Analytics and Audience Measurement
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.a: Consent of the data subject
Retention period: 13 months for cookies from the date of collection. Up to 25 months for information collected
through these trackers.
Recipients: The data controller, processors and technical partners required to produce audience and usage
statistics (e.g. analytics providers), and any authority legally authorised to access the data.
Transfers outside the European Union and the United Kingdom: Yes. Transfers may occur to analytics providers
located outside the EU/UK; appropriate safeguards (standard contractual clauses, adequacy decisions) are implemented.
Web Server Log Management
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.c: Necessary to comply with a legal obligation
Retention period: 1 year from collection
Recipients: The data controller and any legally authorised authority.
Transfers outside the European Union and the United Kingdom: No.
Providing Services and Customer Support
Data Controller: MAGIC PRICES
Legal basis: Performance of the contract / legitimate interest, as applicable (Article 6.1.b or 6.1.f GDPR).
Retention period: Duration of the contractual relationship, then 5 years for evidential purposes in case of
litigation.
Recipients: The data controller, technical processors (hosting, support), and any authority legally entitled to
access the data.
Transfers outside the European Union and the United Kingdom: Yes. Depending on the providers (hosting,
support), transfers may occur; appropriate safeguards (standard contractual clauses, adequacy decisions) are
implemented.
Creating Targeted Advertising
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.a: Consent of the data subject
Retention period: 13 months from collection
Recipients: The data controller, advertising partners and processors (ad networks, bidding platforms) strictly
necessary for targeting, and any authority legally authorised to access the data.
Transfers outside the European Union and the United Kingdom: Yes. Some advertising partners are located
outside the EU/UK; appropriate safeguards (standard contractual clauses, adequacy decisions) are implemented.
Newsletter Subscription Management
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.a: Consent of the data subject
Retention period: Until unsubscription (withdrawal of consent).
Recipients: The data controller, the processor in charge of sending newsletters (e.g. emailing provider), and
any authority legally authorised to access the data.
Transfers outside the European Union and the United Kingdom: Yes. The emailing provider may be located outside
the EU/UK; appropriate safeguards (standard contractual clauses, adequacy decisions) are implemented.
Handling GDPR Rights Requests
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.c: Legal obligation
Retention period: 3 years from the closure of the request file.
Recipients: The data controller, the DPO (Hamynä SAS), and any authority legally authorised to access the
data.
Transfers outside the European Union and the United Kingdom: No, unless explicitly requested by the data
subject.
User Account Creation
Data Controller: MAGIC PRICES
Legal basis: Article 6.1.a: Consent of the data subject
Retention period: 3 years after the last activity on the account.
Recipients: The data controller, technical processors (hosting, authentication), and any authority legally
authorised to access the data.
Transfers outside the European Union and the United Kingdom: Yes. Technical providers (hosting,
authentication) may be located outside the EU/UK; appropriate safeguards (standard contractual clauses, adequacy
decisions) are implemented.
For each defined purpose, Magic Prices ensures that all means are in place to guarantee the security and confidentiality of your personal data, in compliance with applicable laws and regulations.
6. Your Rights
Under GDPR, you have the following rights:
- Right of access: To know what personal data we hold about you (Article 15 GDPR)
- Right to rectification: To request the update of your data (Article 16 GDPR)
- Right to erasure: To request the deletion of your data (Article 17 GDPR)
- Right to restrict processing: To limit the processing of your personal data (Article 18 GDPR)
- Right to data portability: To receive your data in a structured format (Article 20 GDPR)
- Right to object: To withdraw your consent when processing is based on consent (Article 21 GDPR)
You can exercise these rights by contacting our Data Protection Officer at:
Hamynä SAS
Email: [email protected]
You may authorise a third party to exercise these rights on your behalf.
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of prior processing.
The legal response period is 30 days from receipt of your request.
If necessary, this period may be extended by (2) two months, depending on the complexity or number of requests.
If you are unsatisfied with Magic Prices' response, you may file a complaint with the UK's Information Commissioner's Office (ICO).
7. Recipients of the Collected Data
The personal data collected by Magic Prices may be shared with selected processors to the extent necessary for their
tasks.
Your personal data may also be shared with third parties, but only after obtaining your explicit prior consent.
8. Data Collection
We may receive personal data from other sources, such as advertisers, advertising networks, authorities, or partners. For example, one of our partners may provide us with details about your interactions after clicking on a product link on our platform.
Generally, you can browse MagicPrices.co.uk without payment or registration.
However, in some cases, we process the personal data listed above when necessary for providing our services.
Data is primarily processed when voluntarily provided by users, such as when registering on our website.
9. Cookies and Trackers
The website uses cookies or other technologies with the same purpose (hereinafter "cookies"). Cookies are text files stored on your device and used to store personal data and technical data relating to your browsing on the website.
Some cookies are essential for using the website, while others allow us to optimise and personalise the displayed content.
Cookies necessary for using the site
These cookies are essential for navigating the website. They enable you to use the main features of the site and to secure your connection. If you disable these cookies, you may no longer be able to use certain features of the site.
Functional cookies
These cookies are not essential for using the website, but they improve its operation and give you access to personalised features, for example by adapting the site's display to your device or preferences.
Analytics cookies
These cookies allow us to analyse traffic and usage data on the website, in order to measure audience, improve the user experience, and understand how you use the site so that we can enhance its features and performance.
Third‑party cookies and social networks
The personal data collected via cookies (such as the cookie identifier) is not sold to third parties, nor used for purposes other than those described below. In the context of links to social networks, no data about you is passed to these services unless you are logged in to your own user account on the relevant social network. In that case, you can directly link or share content from our web pages with that service. To learn more about how your data is collected and processed, please refer to the privacy and data policies of each social network.
Summary of cookies used
| Type of cookies | Name | Provider | Purpose | Lifetime |
|---|---|---|---|---|
| Strictly necessary (security / authentication) | __Host-authjs.csrf-token | Auth.js / NextAuth | Protection against CSRF attacks during authentication | Session |
| Strictly necessary (authentication) | __Secure-authjs.callback-url | Auth.js / NextAuth | Stores the redirection URL after login | Session |
| Strictly necessary (security) | _cfuvid | Cloudflare | Distinguishes users behind the same IP address (security, anti‑bot) | Session |
| Analytics | _clck | Microsoft Clarity | Stores a user ID for behavioural analytics | 12 months |
| Analytics | _clsk | Microsoft Clarity | Groups a user's page views into a single session | 1 day |
| Marketing / Advertising | _fbp | Meta (Facebook) | Tracks visitors for Facebook advertising | 3 months |
| Analytics | _ga | Google Analytics | Distinguishes users | 13 months |
| Analytics | _ga_* | Google Analytics | Maintains session state | 13 months |
| Marketing / Advertising | _gcl_au | Google Ads | Measures the effectiveness of advertising campaigns | 3 months |
| Marketing / Advertising | _rdt_pn | Tracks Reddit advertising conversions | 3 months | |
| Marketing / Advertising | _rdt_uuid | Unique identifier for advertising tracking | 3 months | |
| Consent management | cookieyes-consent | CookieYes | Stores cookie consent preferences | 12 months |
| Consent management | euconsent | IAB Europe (TCF) | Stores the GDPR consent signal (Transparency & Consent Framework) | 12 months |
| Marketing / Advertising | test_cookie | Google DoubleClick | Checks whether the browser accepts cookies | 1 day |
| Marketing / Advertising | IDE | Google DoubleClick | Targeted advertising and performance measurement | 13 months |
| Functional / Authentication | g_state | Manages Google authentication state | 6 months |